Methods and arrangements in an access system

ABSTRACT

An access system (ACC 1 ) for relating service providers (SP 1 -SPn) to users (U 11 -Um 1 ) includes an edge access server (EAS) connecting the service providers and penults (P 1 -Pk) connecting the users. User devices (UD 11 -UD 14 ) are connected via VLAN:s to a user port (UP 11 ) on the penult. The edge access server has service agents (SA 1 -SAn), an administrator (AD 1 ) and a broadcast handler (BH 1 ), which forms a handling system together with handlers (H 1 -Hk) in the penults. A user (U 11 ) decision including VLAN, service (SP 1 ) and user port (UP 1 ) is sent to the administrator (AD 1 ), which dynamically allocates to the relevant service agent (SA 1 ) a MAC address, defining a relation (R 11 ). A user device (UD 1 ) broadcasts a DHCP request unicasted together with user port (UP 11 ) to the broadcast handler (BH 1 ). The user device (UD 11 ) gets its IP address and IP address to the service sgent (SAl). The device (UD 11 ) broadcasts an ARP request which is unicasted by the penult (P 1 ), to get the MAC address to the service agent (SA 1 ). The MAC address has an internal structure, describing the switching route from source to destination.

TECHNICAL FIELD OF THE INVENTION

The present invention relates to methods and arrangements forsimplifying switching in an access network.

DESCRIPTION OF RELATED ART

Ethernet has been developed mainly as a LAN (Local Area Network)technology, aiming to provide an efficient infrastructure for datanetworks within a company. Originally it was developed for moderatespeed shared media, but current technology applies mainly topoint-to-point links up to 10 Gbit/s, interconnected by high capacityEthernet switches, supporting virtual LAN, VLAN, as described in thestandard IEEE 802.1q. A virtual LAN is a group of system, such ascomputers in a workgroup, that need to communicate with each other, andprotocols that restrict the delivery of VLAN frames to members of theVLAN.

A LAN can be partitioned into multiple VLAN:s, where each VLAN isassigned a number called a VLAN identifier that identifies it uniquelywithin the LAN. A LAN contains at least one VLAN, the default VLAN.

Switches contain advanced self learning features and broadcastbehaviour, which are well suited for the building of for example acorporate network, supporting a number of user groups.

However, in public service structures different requirements are putwith respect to security, scaling and chargeability of services. In thepublic network, each user would ideally have his own completely isolatedset of work groups available. A particular problem is then that thenumber of available VLAN tags, each tag defining a user, is limited to anumber 4096, which is far from enough to serve hundreds of thosands ofusers.

In the international patent application No. WO 00/77983 is descibed atelecommunications system in which users can select services. Servicenetworks and users are connected to a switched domain. The servicenetworks are arranged into groups and each group is allocated a VLAN bykonfiguring the ports in the switches. The users can select services byconfiguring their apparatuses to a selected one of the VLAN:S.

In the international patent application No. WO 00/79830 is described atelecommunication system in which users can select services. A switcheddomain has switches to which service providers and network terminals areconnected. The switches have a user port connected to an uplink port inthe network terminal. The user port is configured for the differentservice providers and the network terminals have corresponding serviceports. The service ports corresponding to predetermined ones of theservices are configured.

In these two applications the number of users is restricted.

In the European patent application EP 1045553 A2 is disclosed VLANbridging of a network. The network has nodes for changing of addresses.A user sending a message via the network addresses it to a receiver.When the message reaches one of the network nodes the receiver addressis changed into a temporary address for the network. This address ischanged back when the message leaves the network via another of thenetwork nodes.

Modern Ethernet bridges (also called switches) have a self-learningmechanism to optimize frame delivery and reduce the amount of traffic ina Local Area Network (LAN). The switch automatically learns the deviceaddresses connected to each port (directly or indirectly via otherswitches) and it only forwards frames to the port associated with thedestination address in the frame.

The Ethernet standard IEEE 802.3 describes a mechanism in the protocol,Embedded Source-Routing Information Field (E-RIF), which can be used todescribe a path between the source and the destination. However, thismechanism is not part of the addressing information in the frame.Switches, in particular “translational switches”, can use thisinformation to optimize frame forwarding; in standard Ethernet thismechanism is only used to tunnel frames between source-routedenvironments.

Self-learning switches have some problems when devices move to anotherport on the switch; the switch handles this by regularly “forgetting”the address information. However, this leads to unnecessary flooding inthe network when the switch relearns addresses that never move. Anotherproblem with this technique is scaling; the memory consumption growslinearly to the number of addresses visible behind each port.

Globally administered (“physical”) MAC addresses lack internal structureand are not suitable for describing switching information.

The E-RIF mechanism is located in the frame payload, thus adding to theframe delivery overhead. For small frames this overhead can be quitesignificant. There is also a restriction that the E-RIF mechanism cannotbe used if incoming frames already contain E-RIF information that mustnot be altered.

SUMMARY OF THE INVENTION

The present invention is concerned with a problem how to create a methodand an access system with an efficient and comparatively simple way ofswitching.

Another problem is how to make the switching efficient in bothdirections between two communicating parts.

Still a problem is how to express the path between the source anddestination allowing network equipment to minimize internal resourceusage and network bandwidth, i.e. there should be no unnecessary frameduplication (flooding) in the network.

Yet a problem is how to implement support for simplified switching,within the reach of a large scale Public Access network based onEthernet technology. The invention encompasses switching support forboth wired and wireless connections between user devices and terminalpoints of an access network.

The problem is solved by an access system including two nodes, the nodesbeing interconnected by an access network supporting exchanging ofEthernet frames. In the access network locally administrated addressesare used. The switching route through the network, or a part of it, isindicated in the frame address field.

Somewhat more in detail the frame address field has directly theidentity of the destination node and identities of at least a part ofintermediate switching nodes along the switching route. In analternative the frame address field has an indication, pointing outwhere the description of the switching route is to be found.

A purpose with the invention is create a method and an access systemwith an efficient and comparatively simple way of switching.

Another purpose is to make the switching efficient in both directionsbetween two communicating parts.

Still a purpose is to express the path between the source anddestination thereby allowing network equipment to minimize internalresource usage and network bandwidth, i.e. there should be nounnecessary frame duplication (flooding) in the network.

Still other purposes are to outline an internal structure of the locallyadministered MAC addresses (SAMAC), to show how this structure can beused to route frames in the access network, to show how the internalstructure can be used to support users changing location to another porton the access network while retaining existing service bindings and toshow how the internal structure can be used to simplify theimplementation of the Edge Access Server (EAS).

Yet a purpose is to implement support for simplified switching, withinthe reach of a large scale Public Access network based on Ethernettechnology. The invention encompasses switching support for both wiredand wireless connections between user devices and terminal points of anaccess network.

An advantage with the invention is that a method and an access systemcan be created, having an efficient and comparatively simple way ofswitching.

Another advantage is that the switching is efficient in both directionsbetween two communicating parts.

Still an advantage is that the path between the source and destinationcan be expressed so as to allow network equipment to minimize internalresource usage and network bandwidth, i.e. there will be no unnecessaryframe duplication (flooding) in the network.

Yet an advantage is that simplified switching can be implemented withinthe reach of a large scale Public Access network based on Ethernettechnology. The invention encompasses switching support for both wiredand wireless connections between user devices and terminal points of anaccess network.

The invention will now be described more in detail with the aid ofembodiments and with reference to the enclosed figures.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a block schematic with an overview of an access system;

FIG. 2 shows a block schematic with more details for the access systemof FIG. 1;

FIG. 3 a shows a diagram over an ethernet frame;

FIG. 3 b shows a diagram over a VLAN tag in the frame;

FIG. 3 c shows a diagram over an address field in the frame;

FIG. 4 shows a block schematic over a user in FIG. 1 with the user'sVLAN:s;

FIG. 5 shows a block diagram over a register in a broadcast handler;

FIG. 6 shows a block schematic over an uplink Ethernet frame;

FIG. 7 shows a block with addresses;

FIG. 8 shows a block diagram over a register in a handler;

FIG. 9 shows a flow chart over a method for defining an access relation;

FIG. 10 shows a flow chart over a DHCP request method;

FIG. 11 shows a flow chart over an ARP request method;

FIG. 12 shows a block shematic over the access system in a multicastsituation;

FIG. 13 shows a flow chart over a multicast method;

FIG. 14 shows a block diagram with address structure;

FIG. 15 shows a block diagram with a direct route;

FIG. 16 shows a block schematic over an access system;

FIG. 17 shows a block diagram with a direct, complete route;

FIG. 18 shows a block schematic over an access system;

FIG. 19 shows a block diagram with an indirect route; and

FIG. 20 shows a block diagram with an indirect, complete route.

DETAILED DESCRIPTION OF EMBODIMENTS

FIG. 1 shows a multiservice access system ACC1 to which users U11, U12,U13, U21, . . . , Um1 and service providers SP1, SP2, . . . , SPn areconnected. An objective is to build the system such that the number ofthe users U11 . . . Um1 can be very great, e.g. in the range of severalhundred thousands users. Another objective is that the number of theservice providers SP1 . . . SPn, that each user can utilize, also is agreat number, e.g. in the range of thousands of services. The accesssystem ACC1 includes nodes P1, P2 . . . Pk, to which the users areconnected with the aid of Ethernet technology. The access system alsoincludes a node EAS, to which the service providers are connected. Thenode EAS is connected to the user's nodes P1-Pk via a network, which isan Ethernet based network ETH1 according to the standard IEEE 802.1q.This network is a large network and has among others a number of VLANcapable Ethernet switches, not shown in the figure. The users and theservice providers are connected to each other by individual serviceaccess relations through the network ETH1, e.g. a relation R11 for theuser U11 and the service provider SP1. These relations have a guaranteedquality of service and are secure in the meaning that only the user andthe service provider having the relation can listen to or else utilizethis relation. The relations will be described more in detail below.

The embodiment in FIG. 1 is more closely shown in FIG. 2. The nodes P1,P2, . . . Pk of the access system ACC1, hereinafter called penults, haveuser ports UP11, UP12, UP13, UP21, . . . , UPk1. Each of the user portsare connected to each a single one of the users U11-Um1 by wiresW11-Wk1. The penults P1-Pk have each a handler H1, H2, . . . , Hk, whichadministers the user ports on the respective penult. The handlers haveeach a register REG11, REG21, . . . REGk1. The node EAS of the accesssystem ACC1 is an edge access server, which in turn includes serviceagents SA1, SA2, . . . , SAn with each a respective service port PT1,PT2, . . . , PTn. The edge access server also has interfaces IF1, IF2,IF3, . . . IFj, an administating unit AD1 and a broadcast handler BH1with a register REG1. The units of the edge access server are all boundto an Ethernet frame distribution system SW1. Each of the service agentsare attributed to each a single one of the service providers SP1-SPn.The penults are connected to the edge access server EAS via theinterfaces. The handlers H1-Hk in the penults are bound to the broadcasthandler BH1 in the edge access server EAS, together forming adistributed handling system. The users U11-Um1 have each a number ofuser devices and e.g. the user U11 has devices UD11, UD12, UD13 andUD14, and the user U12 has devices UD21, UD22 and UD23.

As mentioned, the network ETH1 and the users U11-Um1 utilize Ethernettechnology. The Eternet technology therefore will be shortly commentedbelow.

In FIG. 3 a is shown an Ethernet frame FR1 according to the standardIEEE802.1q. The frame has a field D1 for a destination address and afollowing field S1 for a source address. It also has a field T1 fordefining a type of Ethernet frame. A field VL1 points out which VLANthat is concerned and a field EPL1 contains the payload, the messagethat is to be transmitted. An address F is reserved as a broadcastaddress.

In FIG. 3 b the field VL1 is shown in some more detail. It has 16 bitswhich includes 3 bits for a priority tag PTG1, one indicator bit and 12bits in a field VTG1 for a VLAN tag. It is this VLAN tag that points outthe specific VLAN and as this tag has 12 bits it can distinguish2¹²=4096 different VLANs.

FIG. 3 c shows the source address field S1, which consists of 48 bits.One bit L1 points out whether the address is locally or globallyadministrated. One bit M1 points out whether the frame FR1 is amulticast frame used for e.g. IP multicast messages. The remaining 46bits in a field ADR1 are address bits for MAC addresses. Any of the userdevices has one globally administrated MAC address, which is given bythe manufacturer of the device. The user device UD11 in FIG. 2 forexample has an address UMAC1. The MAC address is unique for the device.From the description below it will also appear that the number ofdifferent service providers, e.g. among the service providers SP1-SPn,that can be connected to one and the same of the users, is restricted bythe number of the VLAN tags, i.e. the number 2¹²=4096.

In FIG. 4 is shown details how the user devices are related to thepenult. The figure is a logic view over the relations. In the examplethe user U11 has an Ethernet LAN ETH2 containing user VLAN:s with tagsTAG1, TAG2, TAG3 and TAG4, which LAN is connected to the user port PT11via the wire W11. The user device UD11 is in turn attributed to the VLANwith tag TAG1, the device UD12 has the tag TAG2, the device UD13 hasboth the tags TAG2 and TAG3 and the device UD14 has the tag TAG4.

In a common Ethernet, on one hand, the different participants withineach VLAN can communicate with each other freely and efficiently, whichis a basic principle of the Ethernet. A first user that wants to contacta second user sends broadcast an address resolution protocol ARP with arequest “Who has this IP address?”. Everybody in the network can listenand the second user, that has the IP address in question, sends back hisMAC address to the first user. A relation between the users isestablished. In an access system, on the other hand, a fundamentalservice is to both enable establishment of service bindings betweenusers and service providers and, in such bindings, provide a transportservice through the access system such that the service can be deliveredto the user with high security and without any quality degradation. In amulti-service, multi service provider scenario several such bindingsmust be possible for each user at any given point in time, withoutinterference between the bindings or between bindings for differentusers. In the present description will be disclosed how a multiserviceaccess system, e.g. the access system ACC1, will fullfill theserequirements on the services using Ethernet technology.

To get the access network ACC1 to work, first the users decide whichservices they select and which VLAN they decide for a certain of theservices. Each user can make his own decisions for the correspondencebetween VLAN and service, independently of the other users. In thepresent example the user U11 selects the service from the serviceprovider SP1 and decides the VLAN with the tag TAG1 for this service.The user U11 also selects service from provider SP2 and decides the VLANwith the tag TAG2 for this service. Correspondingly the user U11 selectsservice provider SP3 on the VLAN with the tag TAG3 and service providerSP4 on the VLAN with the tag TAG4. Other users can select other servicesand decide other VLAN:s. The user U12, for example, selects the servicefrom service provider SP1 and decides the VLAN with the tag TAG3 forthis service. The user U12 also selects service from the serviceprovider SP3 and decides the VLAN with the tag TAG1 for this service.The users then send their decisions to the administrative unit AD1 inthe edge access server EAS, the users defining themselves by theirrespective user port. This sending can be performed by any suitablemeans, e.g. by assigning a web page, by a common letter or by atelephone call. The administrative unit AD1 also has the informationabout the correspondence between the service providers SP1-SPn and theservice agents SA1-SAn. The administrative unit thus has triplets ofinformation containing service agent, VLAN tag and user port. Gradually,when the users U11-Um1 send their information, the administrative unitAD1 will build up the register REG1 in the broadcast handler BH1, asshown in FIG. 5. For the different user ports UP11-UPk1 correspondinglists L11,L12, L13, L21 . . . Lk1 are created with fields correspondingto the VLAN tags. In this fields are written unique MAC addresses, whichare dynamically allocated to the different service agent's respectiveservice port by the administrative unit AD1.

In the example above the user U11 selected the service from serviceprovider SP1 and decided the VLAN with the tag TAG1. The administrativeunit dynamically allocates a unique MAC address SAMAC1 to the serviceport PT1 of the service agent SA1, connected to the service providerSP1. The address is allocated from a set of locally administratedaddresses, LAA. This address is written on the list L111 for the userport UP11 and in a field pointed out by the VLAN tag TAG1. This meansthat the allocated MAC address SAMAC1 is bound to solely one informationpair which has the user port UP11 and the identification tag TAG1 of theVLAN. Now the relation R11 is defined by the address SAMAC1 for theservice port PT1, the address being bound to the user port UP11 and theVLAN tag TAG1. It should be noted that no other participant but theservice provider SP1 and the user U11 can utilize the relation R11.Following the above examples, a unique MAC address SAMAC2 is dynamicallyallocated to the service port PT2 of the service agent SA2 and iswritten in a field defined by the VLAN tag TAG2 on the same list L11. Anew relation R21 is created, which is defined by the address SAMAC2 andis bound to the user port UP11 and the VLAN with the tag TAG2. Also aMAC address SAMAC5 is allocated to the service agent SA3, service portPT3, in a field with the tag TAG3 and a MAC address SAMAC6 is allocatedto the service agent SA4, service port PT4, in a field with the tagTAG4.

For the user U12 with the user port UP12 a unique MAC address SAMAC3 isdynamically allocated to the service port PT1 of the service agent SA1and this address is written in a field pointed out by the VLAN tag TAG3on the list L12. For the user U12 also a MAC address SAMAC4 isdynamically allocated to the service agent SA3, service port PT3, andthis address is written in a field pointed out by the VLAN tag TAG1 onthe list L12.

It appears from the above that, in the embodiment, each of the serviceports PT1-PTn can get associated with a set of the unique MAC addressesfor the service agents and that each of these MAC addresses isassociated with only one particular of the user ports UP11-UPk1.

The relations between user port and service agent are built up asdescribed above and are stored in the register REG1, but still the userdevices can t utilize their respective service. It is in fact not evennecessary until now that the user devices are connected. When the usersintend to utilize the services they connect their user devices to thewires W11-Wk1 via the VLAN:s as is shown by an example in FIG. 4 for theuser U11. Then there also must be built up a correspondance between IPaddresses and MAC addresses. To get such a correspondance theconventional DHCP (Dynamic Host Configuration Protocol) is used in thepresent embodiment. The DHCP is an example on a more general serviceattachment request. By this protocol the different user devices will gettheir default gateway, which is the relevant service agent. Then theywill also get their respective IP address and the IP address to therelevant service agent. This is performed in the following manner.

The user device UD11 sends a frame FR2 with the addresses and payload asis shown in FIG. 6. In the destination address field D1 the broadcastaddress F is written. In the source address field S1 the MAC addressUMAC1 for the user device UD11 is written and in the VLAN field VL1 theVLAN tag TAG1 is written, the tag appearing from FIG. 4. The message inthe frame FR2 is “this is a DHCP request”. The users U11-Um1 areconnected via the Ethernet VLANs and have no information about theorganization of the system ACC1. From the horizon of the users they actas if they were connected to a conventional Ethernet and it is thereforethe user device UD11 sends the frame FR2 in FIG. 6 as a broadcastrequest. The aim from the view of the user device UD11 is that thebroadcast request gives the user the identity of the relevant DHCPserver. In the embodiment this sever is the service agent SA1, which hasa set of IP addresses that it can allocate. The broadcast request in theframe FR2 first is intercepted by the handler H1 via the user port UP11.The handler H1, that gets the frame FR2 via the port UP11, adds theidentification for this port. It then packs the port identificationtogether with the frame FR2 as a unicast message U1, see FIG. 2, andsends this message to the broadcast handler BH1 in the edge accessserver EAS. When getting the message U1, the broadcast handler BH1 looksin its register, the register REG1 of FIG. 5. With the aid of the userport UP11 and the VLAN tag TAG1 it finds the MAC address SAMAC1 for theservice agent SA1. Now the default gateway, the service agent SA1, forthe user device U11 is found. The user device UD11 also must be given anIP address itself and an IP address to its default gateway, which isperformed in the following manner. The broadcast handler sends therequest to the found service agent SA1, which now has the information asappears from a table TAB1 in FIG. 7. This information is the own portaddress SAMAC1, the VLAN tag TAG1, a subnet mask SM1, the user MACaddress UMAC1 and the service agent's own IP address IPSAL. From its setof IP addresses the service agent SA1 now allocates an IP address IPUD11to the user device UD11, which is associated with the content in thetable TAB1. In a conventional manner, according to the DHCP protocol,information is transfered back to the user U11. The DHCP responseincludes the IP address IPSAL of the service agent as default gatewayaddress, the allocated IP address IPUD11 and the subnet mask SM1. Theuser device UD11 stores the IP address IPSAL to the service agent SA1,its own IP address IPUD11 and the subnet mask, as host configurationdata in a conventional manner.

In a corresponding manner the other devices of the user U11 send theirDHCP requests with their MAC addresses and corresponding VLAN tag, thetags appearing from FIG. 4. Note that the user device UD13 has to sendtwo DHCP requests with the tags TAG2 respective TAG3.

The relation R11 is now established on an IP level. When the serviceagent SA1 gets an IP packet with the address IPUD11 it finds theinformation in the table TAB1 and sends the packet to the correctreceiver with the MAC address UMAC1. The user device UD11 also has theIP address IPSA1 to the service agent, its “default gateway”. The userdevice UD11 utilizes in conventional manner an ARP request (AddressResolution Protocol) to get a MAC address to the IP address IPSA1. Theuser device UD11 therefore transmits broadcast the ARP message which isreceived by the handler H1 in the penult P1 via the user port UP11. Thehandler adds the identification for the user port and sends the messageunicast to the broadcast handler BH1 in the edge access server EAS. Thebroadcast handler looks in its register REG1 on the list L11 for theuser port UP11. On the VLAN tag TAG1 the broadcast handler finds theservice agent MAC address SAMAC1. It transmits the address SAMAC1 to thehandler H1, which in turn responds with the address SAMAC1 to the userdevice UD11. With the aid of the address SAMAC1 the user device UD11 nowcan utilize the relation R11 and get the service from the serviceprovider SP1.

In an alternative embodiment the handler H1 in the penult P1successively creates the register REG11, shown in FIG. 8. The registerREG11 is similar to the register REG1 in the broadcast handler BH1. Theregister REG11 only comprises the penult's own user ports UP11, UP12 andUP13 on respective lists PL11, PL12 and PL13 and the VLAN tags. When theuser device UD11 has made the ARP request for the first time, asdescribed above, the handler H1 gets back the MAC address SAMAC1 fromthe broadcast handler BH1. The handler H1 then fills in the addressSAMAC1 in the register REG11. The next time the user device UD11 makesthe ARP request, the handler H1 first looks in its own register REG11instead of sending the request to the broadcast handler BH1. The handlerH1 finds the requested address SAMAC1 on the VLAN tag TAG1 and sends theaddress immediately back to the user device UD11.

In still an embodiment the register REG11 in the handler H1 is built upwhen the register REG1 in the broadcast handler BH1 is built up.

Below will be described a number of alternative embodiments.

In the above embodiment is described that a user first made the DHCPrequest via the access system ACC1 to get the IP addresses. This requestthen was followed by the ARP request. In an alternative embodiment theconfiguration is performed in an alternative way by alternative means.The request for the IP addresses can e.g. be performed by so calledstatic configuration. After this configuration the user device makes theARP request as described above to get the MAC address to its defaultgateway, the relevant service agent. In the same way as described aboveall ARP requests from the users, also when not preceeded by a DHCPrequest, will be intercepted by the penult and result in the address tothe respective default gateway. In this way all communication betweendifferent users is forced to flow to the service agent. It was alsodescribed that the dynamically allocated MAC addresses were locallyadministrated addresses, LAA. An alternative is that a set of MACaddresses is bought from the IEEE.

The service agent successively builds up a list for translating betweenIP addresses and user device MAC addresses. When it receives a packet itreads the IP address and if this address is whitin the service agent'sown administrated subnet it looks for the IP address and finds the userMAC address. The service agent forwards the packet to this user MACaddress and packets with any other IP address will be forwarded to theservice provider.

In connection with FIGS. 1 and 2 was described that the distributedhandler system comprised the handler H1 in the penult and the broadcasthandler BH1 in the edge access server EAS. The penult and the edgeaccess server were interconnected by the network ETH1. In an alternativeembodiment the penult is a unit close to the edge access server. Thetransmission of messages between the penult and the edge access serveris performed by Ethernet frames without the interconnecting networkETH1. It is even so that the penult can be regarded as a part of theedge access server itself. It should be noted that the edge accessserver EAS, the penults P1-Pk, the handler registers REG1, REG11-REGk1and other parts of the access system not necessarily are physical units.Rather they are functional units which can be centralized or distributeddepending on what is most appropriate in a situation.

In the embodiment in connection with FIG. 2 each of the service accessrelations was defined by solely one unique service agent MAC address,e.g. the relation R11 defined by the address SAMAC1. Each of the serviceagents therefore could have a set of different MAC addresses allocatedto its service agent port, each address for one of the relations to therespective user port. In an alternative embodiment each service agenthas only one single service agent MAC address for all its differentservice access relations to different of the user ports. The respectiveservice access relation is in this embodiment defined by a completeaccess relation identifier including the service agent MAC address and afurther service access relation identifier. This further identifierappears from the Ethernet header in the transmitted frames. An exampleon such an identifier is the combination of the VLAN tag and the userdevice MAC address.

With the abovementioned further service access relation identifier it isalso possible, in an embodiment, that a plurality of MAC addresses areallocated to the port of one of the service agents. Each of these MACaddresses is then bound to a set of relations, each of the relationshaving its own further identifier.

In connection with FIG. 4 it was described that the user U11 had theEthernet ETH2 with tagged VLAN:s to relate the user devices to thepenult P1. As an alternative the user has a port based VLAN with aswitch, that reads the tag and switches to a port for the relevant userdevice. Still an alternative is that the user has a MAC based VLAN andthe penult checks that the user MAC address corresponds to the VLANidentifier.

In an embodiment the VLAN tag is transmitted from the service agent tothe penult to transmit a requested service to the correct user device.In an alternative embodiment no VLAN tag is transmitted to the penultbut only the service agent MAC address, e.g. SAMAC1. The penult itselfderives the VLAN identity, e.g. the VLAN tag, from the unique serviceagent MAC address, defining the service access relation.

In connection with FIG. 2 it was described that the service providersSP1-SPn were connected to each one of the service agents SA1-San. In analternative a service provider can be connected to two or more serviceagents.

Above is described the use of DHCP request. For other types of servicesthan IP or other types of establishment of a relation between a userdevice and a service agent, other types of broadcast service attachmentrequests can be used.

By the broadcast handler also those alternative requests are replied toby a service agent MAC address, which is identified in the same way asfor the DHCP. As an example can be mentioned the use of PPP overEthernet, PPPoE, where a broadcast PPPOE request will be responded witha service agent MAC address to the service agent acting as PPPoE server.Also, the ARP request is mentioned above. For other protocols than theIP protocol similar procedures are utilized to bring about addressresolution.

In connection with a flow chart in FIG. 9 will be descibed an overviewover the above method of defining the service access relations in themultiservice access system ACC1. In a step 90 one of the users decidesone of his VLAN:s for one of the services, e.g. the user U11 selects theservice from the service provider SP1 and decides the VLAN with the tagTAG1 for the service. The user sends the the decided tag and theselected service together with his user port UP11 to the administrativeunit AD1 in a step 91. In a step 92 the administrative unit checks whichone of the service agents SA1-SAn that corresponds to the selectedservice and finds the service agent SA1. The administrative unitdynamically allocates the unique service agent MAC address SAMAC1 to theservice agent SA1 in a step 93. The register REG1 is created in thebroadcast handler BH1 in a step 94, in which register the service agentMAC address SAMAC1 is related to the user port UP11 and VLAN tag TAG1.Thereby the service access relation R11 is defined, step 95.

The method of building up the correspondance between IP addresses andMAC addresses will be described in short in connection with flow chartsin FIG. 10 and FIG. 11. In a first step 100 in FIG. 10 the handler H1receives the broadcast DHCP request with the frame FR2 from the userdevice UD11. The frame includes both the user MAC address UMAC1 and theVLAN tag TAG1. The handler H1 adds the user port identification UP11 ina step 101 and in a step 102 the handler sends the complete messageunicast to the broadcast handler BH1 in the edge access server EAS. Thebroadcast handler notes the user port UP11 and the VLAN tag TAG1 in astep 103 and, looking in its register REG1, it points out thecorresponding unique service agent MAC address SAMAC1 in a step 104. Ina step 105 the broadcast handler finds the relevant service agent SA1.Now the first part of the procedure is ready, finding the defaultgateway. Next part is to send IP addresses to the user device. In a step106 the broadcast handler BH1 sends the user port and the VLAN tag tothe service agent SA1. In a step 107 the service agent SA1 allocates theIP address IPUD11 to the user device UD11. In a conventional manner theservice agent sends the DHCP response, including the own IP addressIPSA1 and the allocated IP address IPUD11, step 108. In a step 109 theuser device stores the received IP addresses. The relation R11 is nowestabished on IP level. It should be noted that the procedure describedin connection with FIG. 10, finding the default gateway in the steps 100to 105 and the user device receiving the IP addresses in the steps 106to 109, can be performed in alternative ways. One such way is by thestatic configuration procedure as mentioned above.

The procedure when the service access relation R11 is established in thereverse direction, from the user side to the service agent side, will bedescribed shortly in connection with the flow chart in FIG. 11. In afirst step 110 the handler H1 in the penult P1 receives an ARP messagefrom the user device UD11 on the user port UP11. The handler adds theport identification in a step 111 and in a step 112 the handler H1 sendsa message, including the ARP message and the port, unicast to thebroadcast handler BH1. The broadcast handler looks in the register REG1for the user port UP11 and the VLAN tag TAG1 and finds the service agentMAC address SAMAC1, step 113. In a step 114 the broadcast handler sendsthe address SAMAC1 to the handler H1 and in a step 115 the handlertransmits the address SAMAC1 to the user and the address is received bythe user device UD11. Alternatively the broadcast handler sends the MACaddress SAMAC1 to the relevant service agent SA1 with an order totransmit the address to the handler H1.

The above described arrangements and procedures are related to unicastaccess between the service agents and the user ports on the penults. Inconnection with FIG. 12 will shortly be described an embodiment withmulticast access. FIG. 12 shows a somewhat simplified view of FIG. 2with the access system ACC1 interconnecting the service providersSP1-SPn and the users U11-Um1. The access system has, as above, the edgeaccess server EAS and the penults P1-Pk interconnected by the Ethernetnetwork ETH1. In this network are shown Ethernet switches SW191, SW192and SW193 supporting multicast. Also the penults P18, P19 and P20support multicast access. In the figure is shown a multicast accessrelation MR11 from the service agent SA19 to the penults P18, P19 andP20. The penult P19 has the user port UP191 with a connection to theuser U191 and the user port UP192 connected to the user U192. The penultP20 has the user port P201 connected to the user U193. The user 191 hasuser devices UD191 and UD192 attributed to the user port UP191 via aVLAN with a VLAN tag TAG19 and the user U192 has a user device UD193attributed to the user port UP192, also via the VLAN with the tag TAG19.The user U193 has a user device UD194 which is attributed to the userport UP201, also via the VLAN with the tag TAG19.

The aim with the multicast access relation MR11 is, naturally, todistribute a service from the service provider SP19 via the serviceagent SA19 to the users. Note that this distribution takes place onlydownstream, from the service provider to the users. The distribution isperformed by branching up the service access relation MR11 in the edgeaccess server, in the switches and in the penults. The relation MR11 tothe users, which utilize the service from the provider SP19, is definedby one and the same MAC address, in the example a MAC address SAMAC19allocated to the service agent SAl9 by the administrative unit AD1. Eachmulticast flow from this service agent has a specific multicast addressto which all participating users are listening. In the multicast framestransmitted via the relation MR11 the multicast bit M1 in FIG. 3 c isset. Furthermore, the service from the service provider SP19 isdistributed on one and the same Ethernet LAN, in the example the VLANwith the tag TAG19, which is bound to the multicast access relationMR11. In the multicast case the users can't decide their own VLAN:s forthe service, but a common decision concerning the VLAN identificationmust be made. The establishing of the relation MR11 is performed in acorresponding way as described above. Also in the multicast access casethe service agent for a certain service can have more than one assignedMAC address, in the same way as described above in the unicast case.

In connection with FIG. 13 will be described an overview over aprocedure for establishing the multicast access relations. In a step 130the VLAN with the tag TAG19 for a selected service from the serviceprovider SP19 is decided. The decision is distributed to the edge accessserver EAS and to the users in a step 131. In a step 132 theadministrative unit AD1 checks which one of the service agents SA1-SAnthat corresponds to the selected service and finds the service agentSA19. The administrative unit AD1 dynamically allocates the serviceagent MAC address SAMAC19 to the service agent SA19 in a step 133, thisMAC address defining the multicast access relation MR11. In a step 134the MAC address SAMAC19 is bound to the decided VLAN with tag TAG19. Ina step 135 the multicast access relation MR11 is estsblished in acorresponding way as is described for the unicast relations. In a step136 the multicast bit M1 is set for frames transmitted over themulticast service access relation MR11.

The services from the service providers SP1-SPn must be delivered with acertain quality level. The resources within the access system ACC1 arehowever limited, which delimits the quality level. An example on alimited resource is the available bandwidth. Many relations, as therelation R11, are to be transmitted via the connections between theservice agent and a switch, between the switch and the penult andbetween the penult and the user VLAN, which relations have to share theavailable bandwidth. The quality of service for the relations aredeicided in agreements and are denoted for each relation in the registerREG1 in FIG. 5. This is exemplified by a quality of service Q having alevel QoS1 denoted on the list L11 for the relation R11, which relationis defined by the service agent MAC address SAMAC1. The quality values,e.g. a bandwidth parameter, are utilzed when the traffic is shaped byshapers in the access system. As examples on shapers are shown, in FIG.2, a shaper SHn in the edge access server EAS and a shaper SHk in thepenult Pk. When shaping the traffic flow the shapers in the edge accessserver look on the service agent MAC addresses, which always appears ina transmitted frame either as source or destination address. With theaid of the address the shaper finds the corresponding value for thequality level. e.g. the value QoS1. In the embodiment when some of therelations were defined by its respective service agent MAC address andthe further service access relation identifier, the shaper has to lookalso on the further identifier. The shaper SHk in the penult Pk canutilize the VLAN tag and the user port in a corresponding manner. Theshaping includes in conventional manner buffering the frames,prioritizing with the aid of the priority tag PTG1 and sheduling.

It can happen that a participant tries to make more use of the accesssystem ACC1 than the agreement allows, e.g. sends more traffic than itis agreed. This means that the participant's traffic even after shapingtakes more bandwidth than the bandwidth parameter allows. The system canlook upon the unique service agent MAC address in the frames and comparewith the agreement. In the relation that uses too much bandwidth thesystem can apply policing and delet some of the transmitted frames. Alsofor this function the system has to look on the further service accessrelation identifier in the alternative embodiment for identifying therelations.

It can also happen that the users exchange their MAC addresses by somemeans and tries to utilize the access system ACC1 for communicationbetween themselves and not with the service providers. To prevent such abehaviour the penults can have a traffic filter, e.g. a filter F21 atthe user port UP21 in the penult P2. The filter reads the addresses inthe transmitted frames. Frames from the user devices may only have theservice agent MAC addresses or the broadcast address as destinationaddress. Frames to the user devices may only have the service agent MACaddresses as source address. Other addresses are not allowed and frameswith such addresses are deleted in the filter. Also, broadcast messagesfrom a user, which are not to be handled by any of the service agents,are deleted.

The MAC addresses can have an internal address structure that is adaptedto the structure of the access network ETH1. This can simplify theimplementation of the network and its components in the access systemACC1.

In FIG. 14 the basic structure of the service agent MAC address isshown. A field 141 includes flag bits and fields 142 and 143 includeroute description.

There are two predefined flag bits in the flag field 141 according tothe Ethernet standard:

-   -   The local bit that determines whether an address is globally (0)        or locally (1) administered. For a service agent MAC address,        e.g. the address SAMAC1, this bit is always one, i.e. locally        administered.    -   The group bit that determines whether an address is unicast (0)        or multicast (1). For a service agent MAC address, e.g. the        address SAMAC1, this bit is always zero, i.e. unicast.

To describe the invention some definitions have to be made:

A route in this context is a description of a path from the source tothe destination. The route may contain a complete description of thepath, with all intermediate steps included, or a partial description ofthe path, with only some steps included; in the latter case othermechanisms such as self-learning switches are used for the steps omittedfrom the route description.

An EAS Route, shown as the field 142 in FIG. 14, is used to describe theroute from one of the users U11 . . . . Um1 to one of the service agentsSA1 . . . SAn in the edge access server EAS.

A User Route, shown as the field 143 in FIG. 14, is used to describe theroute from one of the service agents SA1 . . . SAn in the edge accessserver EAS to one of the users U11 . . . -Um1.

A route, EAS or User Route, can be specified via a direct or an indirectdescription. A direct route description contains the path informationused to route the frame “in situ”, i.e. the actual route, or an encodingof it, is contained in the address itself. An indirect route descriptioncontains a reference to the path information located elsewhere, forexample, in the network equipment such as the edge access server EAS orthe penult P1 . . . Pk.

Different embodiments of a service agent MAC address may contain zero,one or both of the route fields 142 and 143, but the flag field 141 ismandatory. It should be noted that even if one or both of the routefields are omitted, the service agent MAC address still constitutes avalid address denoting one of the service agents in the edge accessserver EAS.

Below four examples on different route descriptions are given inconnection with FIGS. 15 to 20.

Direct, Partial Route Structure

FIG. 15 shows an embodiment with both a direct EAS Route and a directUser Route. The route field 142 has an address field 151 with a serviceagent identity SAID2. The route field 143 includes a field 152 with aport identity PIDE for the edge access server EAS, a field 153 with theidentity UP21 for one of the user ports on the penult P2 and a field 154with a user context identity for one of the users on the port. In thisexample both routes are partial since they contain no information how toroute the frame between the edge access server EAS and the penult.

FIG. 16 is a simplified version of FIG. 2, showing routes R01 betweenthe service agent SA2 and the user U21 through an aggregation networkAG1. The route RO1 is shown in FIG. 15. In the direction from the userthe partial EAS route RO1 only gives the identity SAID2 for the serviceagent SA2. In the direction from the service agent the user route RO1gives the EAS port identity PIDE, the user port identity UP21 for theuser U21 and the user context identity.

Direct, Complete User Route

FIG. 17 shows an embodiment with a direct, complete user route. Theroute field 143 includes a field 171 with the port identity PIDE for theedge access server EAS, a field 172 with a port identity PID11 for afirst switch, a field 173 with a port identity PID22 for a second switchand a field 174 with the port identity UP21 for the user port on thepenult P2. The various fields in the user route can be used directly bythe various levels in the access network to route the frame to thecorrect user. A prerequisite in this example is that each node in thenetwork “knows” its level, so that it can extract and interpret thecorrect information from the address. The following FIG. 18 shows howthe path is found.

FIG. 18 is a simplified version of FIG. 2, showing a route R02 from theedge access server EAS to the user U21 through the aggregation networkAG1. In the network AG1 are shown switches SW11, SW12, SW21, SW22 andSW2 m. The route identities are given in FIG. 17. The user route R02includes the EAS port identity PIDE, the port identity PID11 for thefirst switch SW11, the port identity PID22 for the second switch SW22and the port identity UP21 for the user U21.

Indirect Partial Route

FIG. 19 shows an embodiment of a service agent MAC address containingboth an indirect partial EAS Route and an indirect partial User Route.In the address the route field 142 has an EAS index pointing at an edgeaccess server table EAST1 with service agent identities SAID1 . . .SAIDn. In the address the route field 143 has a user index pointing at apenult table PT1 with the user port identities UP11 . . . Upk1 andcorresponding user context identities.

Finding a path in this case is similar to how it is described inconnection with FIG. 16, except in this case the table EAST1 and thetable PT1 is used in the edge access server and penult respectively todetermine the correct route.

An embodiment of the indirect User Route is suitable to support mobilityfor a user, that needs to move between different locations. Moving aservice binding from one of the user ports to another, simply impliesupdating the penult tables in the involved penults. Depending on thetype of indirect user route description used, updating of tables inother nodes may also be necessary.

Indirect Complete User Route

FIG. 20 shows an exemplifying embodiment of a service agent MAC addresscontaining an indirect complete user route. In the address the routefield 143 has a user index pointing at both switch tables SWT1 and SWT2with switch port identities and at a penult table PT2 with user portidentities.

Finding a path in this case is similar to how it is described inconnection with FIG. 18, except in this case the switch tables SWT1 andSWT2 and the penult table PT2 are used in the switches and the penultrespectively to determine the correct route.

1. A method of switching in an access network, the access networkincluding non-addressable nodes and being suitable for transmittingframes from an addressable source node to an addressable destinationnode, the frame including an address field and a payload field, themethod including: generating a route description over at least a part ofthe route through the access network from the source node to thedestination node, the route description including port identities forports on the non-addressable nodes, on which ports the nodes have toforward the frames; allocating a locally administrated address to thedestination node in accordance with the route description; informing thesource node about the destination node address; writing in the addressfield of the frame to be transmitted the destination node address;writing a direct route description in the address field of the frame tobe transmitted by writing the generated route description.
 2. A methodof switching in an access network, the access network includingnon-addressable nodes and being suitable for transmitting frames from anaddressable source node to an addressable destination node, the frameincluding an address field and a payload field, the method including:generating a route description over at least a part of the route throughthe access network from the source node to the destination node, theroute description including port identities for ports on thenon-addressable nodes, on which ports the nodes have to forward theframes; allocating a locally administrated address to the destinationnode in accordance with the route description; informing the source nodeabout the destination node address; writing in the address field of theframe to be transmitted the destination node address; writing anindirect route description by writing in the address field of the frameto be transmitted an indication pointing out where the generated routedescription is to be found in the network.
 3. The method according toclaim 2, wherein the source node is a user and the destination node is aservice agent of a service provider.
 4. The method according to claim 2,wherein the source node is a service agent of a service provider and thedestination node is a user.
 5. An arrangement for switching in an accessnetwork, the access network including non-addressable nodes and beingsuitable for transmitting frames from an addressable source node to anaddressable destination node, the frame including an address field and apayload field, wherein the address of the destination node is locallyadministrated; the source node has information about the destinationnode address; the address field of the frame to be transmitted has thedestination node address; the address field of the frame to betransmitted has a direct route description of at least a part of theroute through the access network from the source node to the destinationnode, the direct route description including port identities for portson the non-addressable nodes on which ports the nodes have to forwardthe frame.
 6. An arrangement for switching in an access network, theaccess network including non-addressable nodes and being suitable fortransmitting frames from an addressable source node to an addressabledestination node, the frame including an address field and a payloadfield, wherein the address of the destination node is locallyadministrated; the source node has information about the destinationnode address; the address field of the frame to be transmitted has thedestination node address; the address field of the frame to betransmitted has an indication pointing out where an indirect routedescription of at least a part of the route through the access networkfrom the source node to the destination node is to be found in theaccess network, the indirect route description including port identitiesfor ports on the non-addressable nodes on which ports the nodes have toforward the frame.
 7. The arrangement according to claim 6, wherein thesource node is a user and the destination node is a service agent of aservice provider.
 8. The method according to claim 1, wherein the sourcenode is a service agent of a service provider and the destination nodeis a user.
 9. The method according to claim 1, wherein the source nodeis a user and the destination node is a service agent of a serviceprovider.
 10. The arrangement according to claim 5, wherein the sourcenode is a user and the destination node is a service agent of a serviceprovider.